Platform
linux
Component
checkmk
Fixed in
2.5.0b4
CVE-2026-33455 describes a Livestatus injection vulnerability found in Checkmk. An authenticated attacker can exploit this flaw by injecting malicious Livestatus commands through the monitoring quicksearch functionality. This vulnerability impacts Checkmk versions prior to 2.5.0b4. A fix addressing this issue is available in version 2.5.0b4.
CVE-2026-33455 in Checkmk allows an authenticated attacker to inject Livestatus commands via the search query in the monitoring quicksearch. This is due to insufficient input sanitization in search filter plugins. A successful exploit could allow an attacker to execute arbitrary commands on the Checkmk server, potentially leading to remote code execution, denial of service, or information disclosure. The severity of this vulnerability depends on the authenticated user's privileges and the Checkmk system configuration. Updating to version 2.5.0b4 or later is crucial to mitigate this risk. Failure to update could compromise the integrity and confidentiality of monitored data.
An attacker with authenticated access to Checkmk can exploit this vulnerability by injecting malicious Livestatus commands into the quicksearch field. These commands, once injected, will be executed on the Checkmk server, potentially compromising the system. The complexity of exploitation is relatively low, requiring only authenticated access and the ability to enter a search query. The potential impact is high, depending on the attacker's privileges and system configuration. The vulnerability lies in how Checkmk handles user input in search filter plugins, allowing the execution of unwanted commands. The lack of proper input validation is the root cause of this vulnerability.
Exploit Status
EPSS
0.05% (14% percentile)
CISA SSVC
The solution for CVE-2026-33455 is to update Checkmk to version 2.5.0b4 or later. This version includes fixes for input sanitization in search filter plugins, preventing Livestatus command injection. In the interim, as a temporary measure, restrict access to the quicksearch function to users with minimal privileges. Additionally, review and audit custom search filter plugins to ensure they implement proper input sanitization. Immediate application of the update is the best defense against this vulnerability. Monitoring system logs for suspicious activity can also help detect potential exploitation attempts.
Update Checkmk to version 2.5.0b4 or higher to mitigate the (Livestatus) injection vulnerability. This update corrects the inadequate sanitization of input in search filter plugins, preventing the execution of arbitrary commands.
Vulnerability analysis and critical alerts directly to your inbox.
Livestatus is a protocol that allows access to real-time status information from Nagios or Zabbix servers.
It means the attacker needs to have a valid user account in the Checkmk system to exploit the vulnerability.
As a temporary measure, restrict access to the quicksearch function and review custom plugins.
Review system logs for unusual Livestatus commands or suspicious activity.
You can download version 2.5.0b4 from the official Checkmk website.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.